Chap 23 - Fabric Technologies Flashcards

Question 1

Q

What 7 capabilities are leveraged by SD-Access?

Answer

A

Network automation
Network assurance and analytics
Network virtualization
Host mobility
Identity Services
Policy enforcement
Secure segmentation

Question 2

Q

What 2 main components make up SD-Access?

Answer

A

Cisco campus fabric solution
Cisco DNA Center

Question 3

Q

When is the campus fabric solution just called a Campus Fabric Solution

Answer

A

When the campus fabric is managed using the CLI or an API using Network Configuration Protocol (Netconf/Yang)

Question 4

Q

What is SD-Access?

Answer

A

When the Campus Fabric Solution is managed with Cisco DNA Center

Question 5

Q

What is NETCONF/YANG?

What does it do?
What is NETCONF?
What is YANG?

Answer

A

Provides a standardized way to configure network devices
Netconf is the protocol
Yang is the modeling language

Question 6

Q

What are the 4 layers that make up SD-Access?

Answer

A

Physical layer
Network layer (underlay and overlay networks)
Controller layer
Management layer

Question 7

Q

What 5 devices are in the Physical layer?

Answer

A

Routers
Switches
Wireless
ISE
Cisco DNA Center

Question 8

Q

What 2 things make up the Network layer?
And what does each one consist of?

Answer

A

Underlay network (settings, protocols)
Overlay network (LISP, VXLAN, CTS)

Question 9

Q

What is in the Controller layer?

What are 2 devices in the controller layer?
What are 2 platforms in the controller layer?
On which of the devices do the 2 platforms reside?

Answer

A

DNA Center
ISE
Network Control Platform (NCP)
Network Data Platform (NDP)
They reside on DNA-C

Question 10

Q

What is in the Management layer and what are 5 functions it serves?

Answer

A

DNA Center GUI
Functions:
- Automation
- Design
- Policy
- Provision
- Assurance

Question 11

Q

What is a switch called that does not participate in the SD-Access fabric but is part of it because of automation?

Answer

A

SD-Access Extension Node

Question 12

Q

What 2 things must infrastructure devices support in order to participate in SD-Access?

Answer

A

They must support all of the hardware ASICs
They must support Field Programmable Gate Arrays

Question 13

Q

what 2 controllers are required for SD-Access?

Answer

A

Identity Services Engine (ISE)
DNA Center

Question 14

Q

What is the purpose of the underlay network?

Answer

A

its sole purpose is to transport data packets between network devices for the SD-Access fabric overlay.

Question 15

Q

What is an overlay network and what is its purpose?

Answer

A

It is a virtual tunneled network that connects all of the network devices to form a fabric of interconnected nodes
It abstracts the inherent complexities and limitations of the underlay network

Question 16

Q

How should the underlay network be configured?

When configuring it what are 3 goals to achieve?
Why is it so important to achieve these goals?

Answer

A

It should ensure
- performance
- scalability
- high availability
Because any problems with the underlay will affect the operation of the fabric overlay.

Question 17

Q

Is it possible to use STP in the underlay network?

Answer

A

It is possible but it is not recommended.

Question 18

Q

What are the recommended designs for Layer 2 and Layer 3 in the underlay network?

Answer

A

Layer 3 routed access layer
ISIS as the IGP

Question 19

Q

What 3 reasons are why ISIS is the recommended IGP for the underlay network?

Answer

A

Neighbor establishment without IP dependencies
Peering capability using loopback addresses
Agnostic treatment of IPv4, IPv6, and non-IP traffic.

Question 20

Q

What 2 models of underlay are supported?

Answer

A

Manual underlay
Automated underlay

Question 21

Q

What is the manual model of underlay?

Answer

A

It is configured and managed manually (such as with a CLI or an API) rather than through Cisco DNA Center

Question 22

Q

What are 2 advantages of the manual model of underlay?

Answer

A

It allows customization of the network to fit any special design requirements (such as changing the IGP to OSPF)
It allows SD-Access to run on the top of a legacy (or third-party) IP-based network

Question 23

Q

What is the Automated Model of underlay?

Answer

A

It is configured and managed by the Cisco DNA Center LAN Automation feature

Question 24

Q

What does the Cisco DNA Center LAN Automation feature do when used to configure the underlay network?

Answer

A

Creates an IS-IS routed access campus design
Uses the Cisco Network Plug and Play features to deploy both unicast and multicast routing configuration

Question 25

Q

What are 3 advantages of using the Automated model of underlay?

Answer

A

Eliminates misconfigurations
Reduces the complexity of the network underlay
Greatly simplifies and speeds the building of the network underlay.

Question 26

Q

What is a disadvantage of using the Automated model of underlay?

Answer

A

It does not allow manual customization for special design requirements.

Question 27

Q

What are 3 things that the Overlay Network (SD-Access Fabric) provides?

Answer

A

Provides policy-based network segmentation
Host mobility for wired and wireless hosts
Enhanced security beyond the normal switching and routing capabilities of a traditional network

Question 28

Q

What type of model is the Overlay Network, manual or automated?

Answer

A

Always fully automated regardless of what model is used on the underlay network

Question 29

Q

What 2 things does the Overlay network include?

Answer

A

All necessary overlay control plane protocols and addressing
All global configurations associated with operation of the SD-Access fabric.

Question 30

Q

If the Overlay is manually configured without the use of Cisco DNA Center what is it called?

Answer

A

A campus fabric solution (not SD-Access)

Question 31

Q

What are the 3 basic planes of operation of SD-Access fabric?

Answer

A

Control plane (based on Locator/ID Separation Protocol (LISP))
Data plane, based on Virtual Extensible LAN (VXLAN)
Policy plane, based on Cisco TrustSec

Question 32

Q

What is LISP?

Answer

A

Based on a simple endpoint ID (EID) to routing locator (RLOC) mapping system
It separates the identity (endpoint IP address) from its current location (network edge/border router IP address).

Question 33

Q

How does LISP simplify traditional routing environments?

Answer

A

Uses Pull Routing
By moving remote destination information to the LISP map server (MS) (a control plane node in SD-Access)
This allows each router to manage only its local routes and query the map system to locate destination EIDs.

Question 34

Q

What are 4 advantages for SD-Access when using LISP as the control plane?

Answer

A

Smaller routing tables
Dynamic host mobility for wired and wireless endpoints
Address-agnostic mapping (IPv4, IPv6, and/ or MAC)
Built-in network segmentation through VRF instances.

Question 35

Q

What enhancements to LISP have been added for SD-Access?

Answer

A

Distributed Anycast Gateway
VN Extranet
Fabric Wireless

Question 36

Q

What is the tunneling technology for SD-Access based on?

Answer

A

Virtual Extensible LAN (VXLAN)

Question 37

Q

What encapsulation is used by VXLAN?

Answer

A

MAC-in-IP encapsulation
It can be forwarded by any IP-based network (legacy or third party)
In this way it creates the overlay network for the SD-Access fabric.

Question 38

Q

Why doesn’t SD-Access use LISP encapsulation instead of VXLAN encapsulation?

Answer

A

Because VXLAN is capable of encapsulating the original Ethernet header to perform MAC-in-IP encapsulation, while LISP does not.

Question 39

Q

What does VXLAN allow for?

Answer

A

It allows the SD-Access fabric to support Layer 2 and Layer 3 virtual topologies (overlays)
Gives it the ability to operate over any IP-based network
Has built-in network segmentation (VRF instance/VN)
Has built-in group-based policy

Question 40

Q

What is the difference between the LISP packet and the VXLAN packet?

Answer

A

Lisp only encapsulates the original layer 3 header (IP-in-IP/UDP encapsulation)
VXLAN encapsulates the original L2 (Ethernet) and L3 (IP) headers (MAC-in-IP/UDP)

Question 41

Q

How was the original VXLAN specification enhanced for SD-Access?

Answer

A

By adding new fields to the first 4 bytes of the VXLAN header in order to transport up to 64,000 TrustSec SGT tags
This was done to support TrustSec

Question 42

Q

What is the new SD-Access specification called?

Answer

A

VXLAN Group Policy Option (VXLAN GPO)

Question 43

Q

What are SGTs in SD-Access?

Answer

A

TrustSec Scalable Group Tags

Question 44

Q

What are the 4 new fields called in the VXLAN-GPO packet format?

Answer

A

Group Policy ID
Group-based Policy Extension Bit (G Bit)
Don’t Learn Bit (D Bit)
Policy Applied Bit (A Bit)

Question 45

Q

In the VXLAN-GPO what is the Group Policy ID?

Answer

A

16-bit identifier that is used to carry the SGT tag.

Question 46

Q

In the VXLAN-GPO what is the Group-based Policy Extension Header (G Bit)?

Answer

A

1-bit field that, when set to 1, indicates an SGT tag is being carried within the Group Policy ID field and set to 0 when it is not.

Question 47

Q

In the VXLAN-GPO what is the Don’t Learn Bit (D Bit)?

Answer

A

1-bit field that when set to 1 indicates that the egress virtual tunnel endpoint (VTEP) must not learn the source address of the encapsulated frame.

Question 48

Q

In the VXLAN-GPO what is A-bit?

What does the A stand for
When is the A-bit set?
What does it mean when the A bit is set to 1?
What does it meaa when the A bit is set to 0?

Answer

A

Policy Applied
It is only defined as the A bit when the G bit field is set to 1
If set to 1 it means that the group policy has already been applied to this packet, and further policies must not be applied by network devices.
If set to 0 It means that group policies must be applied by network devices, and they must set the A bit to 1 after the policy has been applied.

Question 49

Q

What are Cisco TrustSec SGT tags?

Who are they assigned to?
What do they take the place of?
What are 4 types of policies these tags can be used for?

Answer

A

Assigned to authenticated groups of users or end devices
They take the place of ACLs
Security, QOS, Policy-based Routing (PBR), network segmentation

Question 50

Q

What 5 advantages do SGT tags bring to SD-Access?

Answer

A

Support for VRF segmentation
Group-based segmentation (policies)
Reduces complexity by basing group policies on SGT tags instead of IP/MAC addresses
Dynamic enforcement of group-based policies regardless of location
Extends policy enforcement to external networks (cloud, data center) by using SGT Exchange Protocol (SXP) to send SGT tags to TrustSec-aware devices

Question 51

Q

What are the 5 basic device roles in SD-Access?

Answer

A

Control plane node
Fabric border node
Fabric edge node
Fabric WLAN controller
Intermediate nodes

Question 52

Q

What is the Control Plane Node?

What is the control plane node comparable to?
What SD-Access enhanced functions does it have?
What is the function of the database on the control plane node?
What are 3 types of lookups the database can do?
How is the database populated?
What kind of hardware/software should this device support and where can it be located?
What brand of hardware should it be?

Answer

A

LISP MS/MR
Fabric wireless and SGT mappings
It maps EIDs to RLOCs
IPV4, IPV6, and MAC
It receives EID-to-RLOC registrations from fabric border and edge nodes for wired clients and from fabric WLCs for wireless clients
Hardware/software should be scalable to support all mappings
It should be a Cisco router or switch inside or outside the fabric

Question 53

Q

What is the Fabric Border Node?

What is it comparable to?
What 2 things does it connect?
What 2 things does it translate?
What are the 3 types of Fabric Border Nodes and what do they connect to?

Answer

A

Comparable to LISP Proxy xTRs
It connects the fabric to external layer 3 networks
It translates reachability and policy information from one domain to another
This fabric device (for example, core layer device) connects external Layer 3 networks to the SD-Access fabric.
3 Types:
- Internal Border Node - only to known areas of the internal network
- Default Border Node - only to unknown areas outside the organization
- Internal+Default Border Node - connects to both internal and unknown networks

Question 54

Q

What is the Fabric Edge Node?

What is it comparable to?
What 4 things does it provide?
What kind of device must this be?

Answer

A

LISP xTR
It provides:
- Anycast gateway
- End point authentication
- Assignment to overlay host pools (DHCP or static)
- Group-based policy enforcement
Must be a Cisco switch or router operating in the fabric overlay

Question 55

Q

What is the Fabric WLAN Controller?

What is its function?
Where is it located and what does it connect to?
What 2 services does it provide and who are the services for?
How does it connect its clients to the fabric?
What would the mapping of these clients consist of?
What is the difference in how this fabric WLC carries traffic vs. traditional WLCs?

Answer

A

It connects APs and wireless endpoints to the SDA fabric.
Located outside the fabric and connects to an Internal Border Node
Onboarding and mobility services to fabric-connected wireless users and endpoints
it provides LISP Proxy xTR EID-to-RLOC registrations to the MS/MR
Maps the host EID to the current Access Point and to the Edge Node where that AP connects
Control plane traffic continues to use CAPWAP tunnels that are encapsulated in VXLAN tunnel and data plane traffic is re-mapped to the Fabric Edge Node (switch where the AP is) where it is encapsulated in its own VXLAN tunnel

Question 56

Q

What is the Intermediate Node?

Answer

A

These are intermediate routers or extended switches that do not provide any sort of SD-Access fabric role other than underlay services.

Question 57

Q

What are the 3 steps the Fabric Edge Node does when a wired client connects?
What are 3 types of host addresses that can be used in SD-Access?

Answer

A

First identifies and authenticates wired endpoints (through 802.1x)
Places them in a host pool (SVI and VRF instance) and into a scalable group (SGT assignment)
Then registers the specific EID host address with the control plane node
Types of host addresses:
- MAC host address
- IPv4 host address
- IPv6 host address

Question 58

Q

What else does the Fabric Edge Node do?

Answer

A

Provides a single Layer 3 anycast gateway (that is, the same SVI with the same IP address on all fabric edge nodes) for its connected endpoints
Performs the encapsulation and de-encapsulation of host traffic to and from its connected endpoints.

Question 59

Q

How do Fabric Border Nodes work?

Answer

A

They are LISP proxy tunnel routers (PxTRs)
They connect external Layer 3 networks to the SD-Access fabric
They translate reachability and policy information, such as VRF and SGT information, from one domain to another.

Question 60

Q

What does a Fabric Wireless Controller connect?

Answer

A

A fabric-enabled WLC connects APs and wireless endpoints to the SD-Access fabric.

Question 61

Q

How does a Fabric Wirelss Controller connect to the fabric?

Answer

A

The WLC is external to the fabric and connects to the SD-Access fabric through an internal border node.

Question 62

Q

What tasks does a Fabric Wireless Controller perform?

Answer

A

Provides onboarding and mobility services for wireless users and endpoints connected to the SD-Access fabric
Performs PxTR registrations to the fabric control plane (on behalf of the fabric edges)
Can be thought of as a fabric edge for wireless clients
Maps the host EID to the current fabric access point and fabric edge node location the access point is attached to

Question 63

Q

Why is tunneling wireless traffic over VXLAN better than a CAPWAP tunnel?

Answer

A

VXLAN increases performance and scalability

Question 64

Q

What does the Virtual Network (VN) provide?

What does it use to do this?
What are created in the process?

Answer

A

The VN provides virtualization at the device level, using VRF instances to create multiple Layer 3 routing tables.

Answer 65

A

Traffic segmentation across IP addresses
Allows for overlapping address space

Answer 66

A

LISP instance IDs

Answer 67

A

Edge nodes add a VXLAN ID (VNID) to the fabric encapsulation.

Answer 68

A

It consists of:
- A group of assigned endpoints
- An SVI
They can be assigned based on 802.1x authentication or statically by switchport
The SVI for the host pool their default gateway
EID mappings are used to advertise each host pool itself as well as host-specific advertisements and mobility

Answer 69

A

A group of endpoints with similar policies
Yes
The SD-Access policy plane
Every endpoint (host) using TrustSec SGT tags
Assignment based on:
- Static per fabric edge port
- Dynamic through AAA or RADIUS authentication by Cisco ISE
There is a direct one-to-one relationship between them
The scalable group and its members operate within a single VN
Every VXLAN packet carries the SGT tag

Answer 70

A

A pervasive Layer 3 default gateway where the same SVI is provisioned on every edge node with the same IP and MAC address

Answer 71

A

The controller layer provides all of the management subsystems for the management layer, and this is all provided by Cisco DNA Center and Cisco ISE.

Answer 72

A

Cisco Network Control Platform (NCP)
Cisco Network Data Platform (NDP)
Cisco Identity Services Engine (ISE)

Answer 73

A

Integrated directly into Cisco DNA Center
It provides
- automation
- orchestration
It uses:
- NETCONF/YANG
- SNMP
- SSH/Telnet

Answer 74

A

It is integrated into DNA-C
It is made up of
- data collection
- analytics
- assurance
Sources include Netflow and SPAN
It identifies historical trends and then uses this information to provide contextual information to NCP and ISE, and it provides network operational status and other information to the management layer

Answer 75

A

It analyzes and correlates various network events through multiple sources (such as NetFlow and Switched Port Analyzer [SPAN])
It identifies historical trends and then uses this information to provide contextual information to NCP and ISE, and it provides network operational status and other information to the management layer

Answer 76

A

The basic role of ISE is to provide all the identity and policy services for the physical layer and network layer.

Answer 77

A

It uses 802.1x, MAC Authentication Bypass (MAB), and Web Authentication (WebAuth).

Answer 78

A

ISE collects and uses the contextual information shared from NDP and NCP ( also Active Directory and AWS) and then places the profiled endpoints into the correct scalable group and host pool. ISE uses this information to provide information to NCP and NDP, so the user (management layer) can create and manage group-based policies
ISE is also responsible for programming group-based policies on the network devices.

Answer 79

A

The NDP subsystem shares contextual analytics information with Cisco ISE and NCP subsystems and provides this information to the user (management layer)
The NCP subsystem integrates directly with Cisco ISE and NDP subsystems to provide contextual automation information between them
ISE integrates directly with Cisco NCP and NDP subsystems (Cisco DNA Center) to provide contextual identity and policy information

Answer 80

A

It is the user interface/user experience (UI/UX) layer, where all the information from the other layers is presented to the user in the form of a centralized management dashboard.
It is the intent-based networking aspect of Cisco DNA

Answer 81

A

No the management layer abstracts all the complexities and dependencies of the other layers and provides the user with a simple set of GUI tools and workflows to easily manage and operate the entire Cisco DNA network

Answer 82

A

Design
Policy
Provision
Assurance

Answer 83

A

To logically define the SD-Access fabric.

Answer 84

A

* Network Hierarchy * Network Settings * Image Repository * Network Profiles

Answer 85

A

It is used to set up geolocation, building, and floorplan details and associate them with a unique site ID.

Answer 86

A

It is used to set up network servers (such as DNS, DHCP, and AAA), device credentials, IP management, and wireless settings.

Answer 87

A

It is used to manage the software images and/or maintenance updates, set version compliance, and download and deploy images.

Answer 88

A

It is used to define LAN, WAN, and WLAN connection profiles (such as SSID) and apply them to one or more sites.

Answer 89

A

* Dashboard * Group-based Access Control * IP-based Access Control * Application * Traffic Copy * Virtual Network

Answer 90

A

It is used to monitor all the VNs, scalable groups, policies, and recent changes.

Answer 91

A

It is used to create group-based access control policies, which are the same as SGACLs. Cisco DNA Center integrates with Cisco ISE to simplify the process of creating and maintaining SGACLs.

Answer 92

A

It is used to create IP-based access control policy to control the traffic going into and coming out of a Cisco device in the same way that an ACL does.

Answer 93

A

It is used to configure QoS in the network through application policies.

Answer 94

A

It is used to configure Encapsulated Remote Switched Port Analyzer (ERSPAN) to copy the IP traffic flow between two entities to a specified remote destination for monitoring or troubleshooting purposes.).

Answer 95

A

It is used to set up the virtual networks (or use the default VN) and associate various scalable groups.

Answer 96

A

* Devices * Fabrics * Fabric Devices * Host Onboardings

Answer 97

A

It is used to assign devices to a site ID, confirm or update the software version, and provision the network underlay configurations.

Answer 98

A

It is used to set up the virtual networks (or use the default VN) and associate various scalable groups.

Answer 99

A

It is used to add devices to the fabric domain and specify device roles (such as control plane, border, edge, and WLC).

Answer 100

A

It is used to define the host authentication type (static or dynamic) and assign host pools (wired and wireless) to various VNs.

Answer 101

A

* Dashboard * Client 360 * Devices 360 * Issues

Answer 102

A

It is used to monitor the global health of all (fabric and non-fabric) devices and clients, with scores based on the status of various sites.

Answer 103

A

It is used to monitor and resolve client-specific status and issues (such as onboarding and app experience), with links to connected devices.

Answer 104

A

It is used to monitor and resolve device-specific status and issues (such as resource usage and loss and latency), with links to connected clients.

Answer 105

A

It is used to monitor and resolve open issues (reactive) and/or developing trends (proactive) with clients and devices at various sites.

Answer 106

A

* Lower costs and reduce risks * Extend their enterprise networks into the public cloud * Optimal user experience for SaaS applications * Leverage a transport-independent WAN for lower cost and higher diversity (underlay is any type of IP network (Internet, MPLS, etc) * Improve application performance with intelligent path control * End-to-end WAN traffic segmentation and encryption

Answer 107

A

* Cisco SD-WAN based on Viptela * Meraki SD-WAN

Answer 108

A

* Viptella based * Cloud-delivered overlay WAN architecture * Preferred solution for organizations that require an SD-WAN solution with cloud-based initiatives * provides granular segmentation, advanced routing, advanced security, and complex topologies while connecting to cloud instances

Answer 109

A

* Recommended solution for organizations that require unified threat management (UTM) solutions with SD-WAN functionality or that are existing Cisco Meraki customers looking to expand to SD-WAN.

Answer 110

A

An all-in-one security solution delivered in a single appliance in Meraki implementations.

Answer 111

A

* Firewall * VPN * Intrusion prevention * Antivirus * Antispam * Web content filtering

Answer 112

A

* vManage Network Management System * vSmart Controller * SD-WAN routers * vBond Orchestrator

Answer 113

A

* A single pane of glass network management system (NMS) GUI * Used to configure and manage the full SD-WAN solution * Enables centralized provisioning and simplifies network changes.

Answer 114

A

* Brains of SD-WAN solution * Establishes OMP neighborships with SD-WAN routers * Learns routes and network topology *Calculates best routes * Advertises reachability info to SD-WAN routers * Implements control plane policies created by vManage * also works in conjunction with the vBond orchestrator to authenticate the devices as they join the network and to orchestrate connectivity between the SD-WAN routers.

Answer 115

A

* vSmart Controller has pre-installed credentials that ensures only authenticated devices join the SD-WAN fabric

Answer 116

A

* Proprietary protocol similar to BGP used by vSmart Controllers to form neighborships with SD-WAN routers * Used to advertise routes, next hops, keys, and policy information needed to establish and maintain the SD-WAN fabric

Answer 117

A

* It establishes a permanent DTLS tunnel to each SD-WAN router in the SD-WAN fabric * It uses these tunnels to establish Overlay Management Protocol (OMP) neighborships with each SD-WAN router.

Answer 118

A

* vEdge - Viptela platforms running Viptela software * cEdge - Viptela software integrated with Cisco IOS-XE

Answer 119

A

* CSR * ISR * ASR1k * ENCS * Cloud-enabled CSRv and ISRv

Answer 120

A

They deliver the essential WAN, security, and multicloud capabilities of the Cisco SD-WAN solution,

Answer 121

A

They have local intelligence to make site-local decisions regarding routing, high availability (HA), interfaces, ARP management, and ACLs.

Answer 122

A

A main differentiator between SD-WAN cEdge routers and vEdge routers is that cEdge routers support advanced security features,

Answer 123

A

* SD-WAN overlay control * Data plane functions

Answer 124

A

OSPF, BGP, ACLs, QOS, Routing policies

Answer 125

A

They sit at the perimeter of a site, such as a remote office, branch office, campus, or data center.

Answer 126

A

* Connect with vSmart Controller over DTLS tunnel and use OMP to form a neighborship * Connects with other SD-WAN routers using IPSec

Answer 127

A

* Datagram Transport Layer Security * UDP based * Preserves the semantics of the underlying transport * Prevents eavesdropping, tampering, and message forgery

Answer 128

A

To exchange routing information

Answer 129

A

* SD-WAN routers * vSmart Controllers

Answer 130

A

The vBond Orchestrator needs a public IP so that all SD-WAN devices in the network can connect to it.

Answer 131

A

An SD-WAN router that only performs the Orchestrator tasks.

Answer 132

A

* Control plane connection * NAT Traversal * Load Balancing

Answer 133

A

* Permanent connection over DTLS tunnel with every vSmart Controller * DTLS connections with SD-WAN routers to authenticate them when they come on line and to facilitate their ability to join the network

Answer 134

A

Basic authentication of an SD-WAN router is done using certificates and RSA cryptography.

Answer 135

A

It facilitates the initial orchestration between SD-WAN routers and vSmart controllers when one or both of them are behind NAT devices.

Answer 136

A

Standard peer-to-peer techniques

Answer 137

A

In a domain with multiple vSmart controllers, the vBond orchestrator automatically performs load balancing of SD-WAN routers across the vSmart controllers when routers come online.

Answer 138

A

* Visibility into applications and infrastructure across the WAN * Forecasting and what-if analysis * Intelligent recommendations

Answer 139

A

vAnalytics can also help predict how much bandwidth is truly required for any location, and this is useful in deciding whether a circuit can be downgraded to a lower bandwidth to reduce costs.

Answer 140

A

If a site is experiencing latency or packet loss vAnalytics will detect this. It will then compare what it finds with other organizations in the area and can report results to the service provider

Answer 141

A

* vManage * vSmart

Answer 142

A

By continuously monitoring SaaS performance across diverse paths and selecting the best-performing path based on performance metrics (jitter, loss, and delay).

Answer 143

A

By extending the SD-WAN fabric to the public cloud while at the same time increasing high availability and scale.

Answer 144

A

The SD-WAN router at the remote site starts sending small HTTP probes to the SaaS application through both DIA circuits to measure latency and loss.

Answer 145

A

Dedicated Internet Access

Answer 146

A

a detection protocol originally designed to provide fast forwarding path failure detection times between two adjacent routers.

Answer 147

A

In a case where a remote office can reach the SaaS provider via its own Internet connection or as an alternative go through the company’s main office SD-WAN uses BFD over the DTLS session between the branch and main offices to see if the Internet connection through the main office is better than the branch’s own Internet access connection.

Answer 148

A

Cisco-validated fabric overlay solution that includes all of the features and protocols to operate the network infrastructure.

Answer 149

A

Control plane
Data plane
Management plane
Policy plane

Answer 150

A

Combining multiple existing technologies and automated management by DNA Center.

Answer 151

A

Security Group Access Control List
An ACL based on identity instead of IP address

Answer 152

A

Virtual Routing and Forwarding
In SD-Access it’s called a Virtual Network (VN)
It is an instance of a virtual network with it’s own set of access policies. SD-Access can support multiple VNs

Answer 153

A

IS-IS performs better than EIGRP and OSPF
It is able to form neighborships without dependence on TCP/IP
It can form neighbor relationships using loopback addresses
It can support both IP and non-IP protocols

Answer 154

A

Connect the SD-Access fabric to shared services such as DNS, DHCP, NTP
Connects ISE, DNAC, and WLCs to the SD-Access fabric so that their services are accessible to virtual networks (VNs) and their endpoints

Answer 155

A

vSmart Controller

Answer 156

A

SUPER-ADMIN-ROLE permissions
Perform a backup
Perform a system update
Verify access through firewall to www.ciscoconnectdna.com:443
Have CCO ID available
Allocate at least 6 hours
Confirm that root partition has at least 2GB free
Confirm that data partition has at least 32 GB free and is not more than 70% full

Brainscape's Knowledge GenomeTM

Chap 23 - Fabric Technologies Flashcards

Brainscape's Knowledge Genome^TM